Vendor
Layui
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47075 | 0.00 | — | 0.00 | Sep 26, 2024 | LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are… | |||
| CVE-2023-50550 | 0.00 | — | 0.00 | Dec 30, 2023 | layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter. | |||
| CVE-2023-3691 | 0.00 | — | 0.00 | Jul 16, 2023 | A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack… |
- CVE-2024-47075Sep 26, 2024risk 0.00cvss —epss 0.00
LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are…
- CVE-2023-50550Dec 30, 2023risk 0.00cvss —epss 0.00
layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter.
- CVE-2023-3691Jul 16, 2023risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack…